OpenSSH 2 - can't get pubkeys to authenticate

t0pper t0pper at hotmail.com
Thu Jul 5 02:42:31 EST 2001


The System:
RedHat 7.0
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f

Client:
PuTTY

The Problem:

I've installed the newest version of OpenSSH on RedHat 7.0 and can get
most things to work, except when I want to use Public Keys with
version 2.0.

If I use straight password authentication, I can get PuTTY to connect
using either SSH 1 or SSH 2.

If I use RSA authentication for SSH1, it also works, no matter if I create
the key on the client and transport the public key to the server or if
I create the keys on the server and get the private key to the client.
Both ways are successful. (Yes, I use authorized_keys in the
$HOME/.ssh directory).

The problem I'm running into is getting public key authentication to
work with SSH2.  I create the keys on the server, put the public key
into the authorized_keys2 file and transport the private key to the
client.  When I try to connect to the server, it prompts me for a
username, I put that in, but then it asks for my password....  This
shouldn't happen.  I have password authentication turned off (so of
course, if I enter in a password, it fails).

The following is the logon as it occurred:

login as: xxxxxx
password:
Access denied
login as:
password:

I've included my sshd_config file and some debugging information, if
anyone can help me, I'd really appreciate it.  I've read about all the
FAQs and READMEs that exist and keep hitting my head against a wall.
El Manual isn't helping me out here.

Thanks,
t0p


<---Begin /etc/ssh/sshd_config--->

Port 22
Protocol 2,1
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
Subsystem       sftp    /usr/libexec/openssh/sftp-server

<---END /etc/ssh/sshd_config--->


<---DEBUG CODE--->

debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 1.2.3.4 port 2267
debug1: Client protocol version 2.0; client software version PuTTY
debug1: no match: PuTTY
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: dh_gen_key: priv key bits set: 192/384
debug1: bits set: 516/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 494/1024
debug1: sig size 20 20
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user xxxxxx service ssh-connection method
password
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "xxxxxx"
debug1: PAM setting rhost to "machine.domain.com"
Failed password for xxxxxx from 1.2.3.4 port 2267 ssh2
debug1: userauth-request for user xxxxxx service ssh-connection method
password
debug1: attempt 1 failures 1
Failed password for xxxxxx from 1.2.3.4 port 2267 ssh2
Read from socket failed: Connection reset by peer
debug1: Calling cleanup 0x8051950(0x0)
debug1: Calling cleanup 0x8066eb0(0x0)
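
An added diagnostic example, not part of the original post: it reads sshd debug output and an sshd_config like the ones quoted above and reports which SSH2 userauth methods the client actually requested versus what the server permits. The sample strings are constructed from the quoted lines; the function names are hypothetical, and `publickey` is the SSH2 method name a key-based attempt would show in the `userauth-request` line.

```python
import re

# Constructed sample: the userauth portion of the sshd debug output quoted above.
SAMPLE_LOG = """\
debug1: userauth-request for user xxxxxx service ssh-connection method
password
debug1: attempt 0 failures 0
Failed password for xxxxxx from 1.2.3.4 port 2267 ssh2
debug1: userauth-request for user xxxxxx service ssh-connection method
password
debug1: attempt 1 failures 1
Failed password for xxxxxx from 1.2.3.4 port 2267 ssh2
"""

# Constructed sample: the authentication lines of the sshd_config quoted above.
SAMPLE_CONFIG = """\
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""

# \s+ before the method name also matches a newline left by mail line-wrapping.
REQ = re.compile(r"userauth-request for user (\S+) service (\S+) method\s+(\S+)")

def methods_requested(log_text):
    """Return the userauth methods the client sent, in the order logged."""
    return [m.group(3) for m in REQ.finditer(log_text)]

def config_flags(config_text):
    """Map sshd_config keyword (lower-cased) to True/False for yes/no options."""
    flags = {}
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[1].lower() in ("yes", "no"):
            flags[parts[0].lower()] = parts[1].lower() == "yes"
    return flags

def diagnose(log_text, config_text):
    """Compare what the client tried with what the server allows."""
    tried = set(methods_requested(log_text))
    flags = config_flags(config_text)
    findings = []
    if flags.get("pubkeyauthentication") and "publickey" not in tried:
        findings.append("server allows publickey but client never requested it")
    if "password" in tried and not flags.get("passwordauthentication", True):
        findings.append("client requested password but server has it disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_LOG, SAMPLE_CONFIG)))
```

On the sample input both findings are reported, which narrows the investigation to the client side of the exchange: no key was ever offered, so the server's authorized_keys2 handling was not exercised in this session.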

More information about the openssh-unix-dev mailing list